General
-
Target
783e6ea626cd72ba14c844f7de9cb57e6d56bb894aec3dbe223e81f065b2bc2f
-
Size
2.7MB
-
Sample
240630-2421yaycmf
-
MD5
371d95abce192df7ac5648f4f954c456
-
SHA1
f243994c2906525292b44b40e78aa0358589592f
-
SHA256
783e6ea626cd72ba14c844f7de9cb57e6d56bb894aec3dbe223e81f065b2bc2f
-
SHA512
6ef6bf42d47e3a5b4995ddd985c6726ffd1883ecbbf3c71f62511abc7d20fde208cd0371a3bcff54c855c253e1d483dd8a9ed2b661d734df3ac526a9514b3979
-
SSDEEP
49152:uc4IZF1R2mztVOo6Ol9ureHIge8lDNlMdCKaGv2LkmNKUSW:uc4IZvR2mztVOo6Ol9uriIge8lP
Malware Config
Extracted
quasar
1.4.1
serviceone
serviceofflineupdate.ddnsgeek.com:4782
17af5434-027b-475c-85b6-fca637f3330d
-
encryption_key
F5275112E106580A140655595766AE270983F72B
-
install_name
Chrome.exe
-
log_directory
Logs
-
reconnect_delay
6000
-
startup_key
chrome update
-
subdirectory
SubDir
Targets
-
-
Target
783e6ea626cd72ba14c844f7de9cb57e6d56bb894aec3dbe223e81f065b2bc2f
-
Size
2.7MB
-
MD5
371d95abce192df7ac5648f4f954c456
-
SHA1
f243994c2906525292b44b40e78aa0358589592f
-
SHA256
783e6ea626cd72ba14c844f7de9cb57e6d56bb894aec3dbe223e81f065b2bc2f
-
SHA512
6ef6bf42d47e3a5b4995ddd985c6726ffd1883ecbbf3c71f62511abc7d20fde208cd0371a3bcff54c855c253e1d483dd8a9ed2b661d734df3ac526a9514b3979
-
SSDEEP
49152:uc4IZF1R2mztVOo6Ol9ureHIge8lDNlMdCKaGv2LkmNKUSW:uc4IZvR2mztVOo6Ol9uriIge8lP
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-